netfilter: nf_conncount: speculative garbage collection on empty lists

commit c80f10bc973af2ace6b1414724eeff61eaa71837 upstream. Instead of removing a empty list node that might be reintroduced soon thereafter, tentatively place the empty list node on the list passed to tree_nodes_free(), then re-check if the list is empty again before erasing it from the tree. [ Florian: rebase on top of pending nf_conncount fixes ] Fixes: 5c789e131cbb9 ("netfilter: nf_conncount: Add list lock and gc worker, and RCU for init tree search") Reviewed-by: Shawn Bohrer <sbohrer@cloudflare.com> Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2018-12-28 01:24:48 +0100
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-01-22 21:09:47 +0100
commit: 385c1e4b7788a88bed1f7d1315f851ada1260643 (patch)
tree: d02223c6e95a654883ae3eaf647dbcd758efd206 /include
parent: 2c58a49f2a07d797ea74b09dcaacb9fe593862aa (diff)
1 files changed, 0 insertions, 1 deletions
diff --git a/include/net/netfilter/nf_conntrack_count.h b/include/net/netfilter/nf_conntrack_count.h
index aa66775c15f4..f32fc8289473 100644
--- a/include/net/netfilter/nf_conntrack_count.h
+++ b/include/net/netfilter/nf_conntrack_count.h
@@ -9,7 +9,6 @@ struct nf_conncount_list {
 	spinlock_t list_lock;
 	struct list_head head;	/* connections with the same filtering key */
 	unsigned int count;	/* length of list */
-	bool dead;
 };
 
 struct nf_conncount_data *nf_conncount_init(struct net *net, unsigned int family,
author	Pablo Neira Ayuso <pablo@netfilter.org>	2018-12-28 01:24:48 +0100
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2019-01-22 21:09:47 +0100
commit	385c1e4b7788a88bed1f7d1315f851ada1260643 (patch)
tree	d02223c6e95a654883ae3eaf647dbcd758efd206 /include
parent	2c58a49f2a07d797ea74b09dcaacb9fe593862aa (diff)